<?#//v.3.1.1
#///////////////////////////////////////////////////////
#//  COPYRIGHT 2004 Phpauction.org ALL RIGHTS RESERVED//
#///////////////////////////////////////////////////////

require('../includes/config.inc.php');
include "loggedin.inc.php";

unset($ERR);

#//
if($_POST[action] == "search"  && phpa_securepost($_POST))
{
	#// 
	$query = "SELECT id FROM PHPAUCTIONXL_auctions WHERE id='".$_POST['auctionid']."'";
	$res = @mysql_query($query);
	if(!$res)
	{
		print "Error: $query<BR>".mysql_error();
		exit;
	}elseif(mysql_num_rows($res) > 0){
		$query = "SELECT max(id) as id, bidder, bid FROM PHPAUCTIONXL_bids WHERE auction='".$_POST['auctionid']."' GROUP BY auction, bidder, bid ORDER BY id DESC";
		$res = @mysql_query($query);
		if(mysql_num_rows($res) > 0){
			$max_bid_id = mysql_result($res,0,"id");
			$max_bidder = mysql_result($res,0,"bidder");
			$max_bid = mysql_result($res,0,"bid");
			if(mysql_num_rows($res) > 1){
				$next_max_bid_id = mysql_result($res,1,"id");
				$next_max_bidder = mysql_result($res,1,"bidder");
				$next_max_bid = mysql_result($res,1,"bid");
			}else{
				$next_max_bid_id = 0;
				$next_max_bidder = 0;
				$next_max_bid = 0;
			}

			// Delete bid of higher bidder
			$query = "DELETE FROM PHPAUCTIONXL_bids WHERE id='".$max_bid_id."'";
			$res = @mysql_query($query);

			// Delete proxybid of higher bidder
      $res = @mysql_query("SELECT max(bid) as bid FROM PHPAUCTIONXL_proxybid WHERE itemid='".$_POST['auctionid']."' AND userid='".$max_bidder."'");
      $proxybid_to_delete = @mysql_result($res,0,"bid");
      $query = "DELETE FROM PHPAUCTIONXL_proxybid WHERE userid='".$max_bidder."' AND bid=".$proxybid_to_delete;
			$res = @mysql_query($query);

			// Update minimum_bid in auctions table
			$current_bid = $next_max_bid ? $next_max_bid : "minimum_bid";
			$query = "UPDATE PHPAUCTIONXL_auctions SET current_bid ='".$current_bid."'";
			$res = @mysql_query($query);
			
			$ERR = $MSG_30_0190."<br><br>
			<a href=".$SETTINGS[siteurl]."item.php?id=".$_POST['auctionid']." target=_blank>$MSG_138</a>";
		}
		
	}else{
		$ERR = $ERR_122;
	}
}

?>
<HTML>
<HEAD>
<link rel='stylesheet' type='text/css' href='style.css' />
<link href="css/main.css" rel="stylesheet" type="text/css">
</HEAD>
<body bgcolor="#FFFFFF" text="#000000" link="#0066FF" vlink="#666666" alink="#000066" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr> 
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="titulo">
        <tr> 
          <td class="icono"><img src="images/auction_icon2.gif" width="31" height="25" ></td>
          <td class="breadcrumbs"><p><span><?=$MSG_30_0031?></span>&nbsp;&gt;&gt;&nbsp;<?=$MSG_30_0032?></p></td>
        </tr>
      </table></td>
  </tr>
  <tr>
    <td align="center" valign="middle">&nbsp;</td>
  </tr>
    <tr> 
    <td align="center" valign="middle">

<TABLE BORDER=0 WIDTH=100% CELLPADDING=0 CELLSPACING=0 BGCOLOR="#FFFFFF">
<TR>
<TD align="center">
<BR>
<FORM NAME=conf ACTION=<?=basename($_SERVER['PHP_SELF'])?> METHOD=POST>
	<TABLE WIDTH="95%" BORDER="0" CELLSPACING="0" CELLPADDING="0" class="base">
		<TR>
			<TD ALIGN=CENTER class=title>
				<p><? print $MSG_30_0032; ?></p>
			</TD>
		</TR>
		<TR>
			<TD>
				<TABLE WIDTH=100% ALIGN="CENTER" CELLPADDING=0 cellspacing=0 style="1px solid #ccc;">
				<?
				if(isset($ERR))
				{
				?>
					<TR BGCOLOR=yellow>
					<TD COLSPAN="2" class="error"><B>
					  <p><? print $ERR; ?></p>
					  </B></TD>
				  </TR>
				 <?
				}
				 ?>
					<TR VALIGN="TOP">
						<TD colspan="2" class="line">
						<p><? print $MSG_30_0033; ?></p>						</TD>
					  </TR>
					<TR VALIGN="TOP">
						<TD WIDTH=125 class="line gris" HEIGHT="35">
							<p><? print $MSG_113; ?></p>						</TD>
						<TD WIDTH="375" class="line gris" HEIGHT="35">
							<INPUT TYPE="text" SIZE=15 NAME="auctionid" VALUE="<?=$POST['auctionid']?>"></TD>
					</TR>
					
					<TR>
						<TD WIDTH=125>
							<INPUT TYPE="hidden" NAME="action" VALUE="search">
                            <INPUT TYPE="hidden" NAME="security" VALUE="<?php echo $_SESSION['security'];?>" />							</TD>
						<TD WIDTH="375">
							<INPUT TYPE="submit" NAME="act" VALUE="<? print $MSG_30_0034; ?>" class="action">						</TD>
					</TR>
					<TR>
						<TD WIDTH=125 class="line"></TD>
						<TD WIDTH="375" class="line"> </TD>
					</TR>
				</TABLE>
			</TD>
		</TR>
	</TABLE>
	</FORM>
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
